Security is separated into impl and jpatest because current JPA 2.0 implementations (hibernate, eclipse-link) are not available on central maven repo. Therefore, the tests that depend on them must be put into a separate jpatest project.